There's often a lot of discussions on security mailing lists about the
legality of security research, proof-of-concept exploits, penetration
testing, war-driwing, reverse engineering, lack of vendor notification,
patent issues, copy protection circumvention and much more.
Currently, France it outlawing any kind of security research:
http://www.securityfocus.com/archive/1/360007/2004-04-06/2004-04-12/1
Back in January, the WebAppSec mailing list had a discussion about a
patent from Sanctum that claimed to cover all forms of web application
penetration testing:
http://www.securityfocus.com/archive/107/350322/2004-01-13/2004-01-19/1
http://www.securityfocus.com/archive/107/350110/2004-01-13/2004-01-19/2
If you feel like discussiong the legal issues surrounding security
research, I created a mailing list back then called SecLegal for this
very purpose. To subscribe, either visit
http://seclegal.jscript.dk
Or send a subscribe request to seclegal-request_at_lists.jscript.dk
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor_at_pivx.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
Received on Apr 09 2004
Intro
